Increase in Emails Delivering Trojans

Summary

The NJCCIC has  seen an increase in attempts to deliver multiple trojans to NJ state employees from May into June. Cyber-criminals attempt to trick users into clicking on links or attachments delivered in emails to install trojans, which provide backdoor access for further malicious activity such as stealing, deleting, or modifying data, or installing additional malware. Recent emails attempting to deliver Dridex claim to be shipping notifications or invoices and contain Microsoft Word or Excel documents that use macros to download and install the malware. AgentTesla and FormBook  campaigns utilize similar tactics and techniques; however, emails often also claim to be inquiries or quotations and may contain malicious links or compressed (ACE) executables. Thread hijacking, or messages purporting to be replies from former emails, includes URLs linking to password-protected ZIP files containing VBS files that, if executed, drop the Ursnif trojan. Finally, emails delivering Glupteba contain links, or attachments with links, to websites with themes of fake software updates, tech support scams, and surveys leading to fake awards.

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to avoid clicking links and opening attachments from unknown senders and exercise caution with emails from known senders. If you are unsure of an email’s legitimacy, contact the sender via a separate means of communication – such as by telephone – before taking any action.